Cyber.RAR is a podcast series from six Harvard Kennedy School students: Michaela Lee, Bethan Saunders, Winnona DeSombre, Danielle Levin, Sophie Faaborg-Andersen, and Grace Park. While each bring a different lens to the show, they all share a common conviction: the field of cybersecurity is rapidly evolving, yet the national security field is falling behind. In this podcast, they uncover why the U.S. government struggles to build basic cyber infrastructure​​, explore how to regulate offensive cyber capabilities, debate the meaning and merits of “hacktivismâ€, and laugh with each other along the way. Tune in to Cyber.RAR for discussions, debates, and expert interviews on the biggest questions, challenges, and opportunities in cybersecurity.
Sophie Faaborg-Andersen, Winnona DeSombre, Bethan Saunders, Michaela Lee, Danielle Levin, Grace Park
https://www.justsecurity.org/81806/january-6-intelligence-and-warning-timeline/https://thehill.com/policy/national-security/3686920-secret-service-messages-show-the-knew-crowd-outside-jan-6-rally-was-armed/https://zetter.substack.com/p/is-the-secret-services-claim-abouthttps://www.npr.org/2022/07/15/1111778878/secret-service-deleted-messages-january-6-is-that-data-really-gonehttps://www.cbsnews.com/news/secret-service-texts-house-january-6-committee-federal-records-act/
Big Tech, honey, are you doing okay? Whether we like it or not, large technology platforms and the for-profit institutions that make them are here to stay in our society and economy. Governments are starting to craft often-overlapping regulations to try and fix the problems that come up, but instead of looking at issues one by one, let's look at these organizations as a whole - fundamentally “grow fast and break things” companies who somehow ended up in shouldering a lot of our national security, growing the international economy, and protecting values that underpin our Western society. How well does big tech help or hinder our security, privacy, and social fabric, and how will that change as the economy slows down? Show notes:Twitter:Content moderation & security: Mudge whistleblower complainthttps://techcrunch.com/2022/09/13/twitter-whistleblower-mudge-congress/Deplatforming vs. Echo chambershttps://www.vanderbilt.edu/jetlaw/2021/01/31/the-de-platforming-debate-balancing-concerns-over-online-extremism-with-free-speech/https://www.youtube.com/watch?v=6V_sEqfIL9Qhttps://www.axios.com/2021/12/06/conservative-social-media-crypto-publishing-internetStaffing at Twitterhttps://www.reuters.com/technology/after-elon-musks-ultimatum-twitter-employees-start-exiting-2022-11-18/Radioshack tries to sell off user datahttps://www.washingtonpost.com/news/the-switch/wp/2015/03/26/bankrupt-radioshack-wants-to-sell-off-user-data-but-the-bigger-risk-is-if-a-facebook-or-google-goes-bust/Uber:Uber CISO court case: https://www.csoonline.com/article/3676078/what-the-uber-verdict-means-to-cisos-youre-probably-not-going-to-jail.html Facebook / Meta:Advisory board / election issueshttps://www.cnn.com/2021/10/05/world/meanwhile-in-america-oct-6-intlBody issues re: instagram https://www.npr.org/2021/10/05/1043194385/whistleblowers-testimony-facebook-instagramOverlapping foreign government action + industrial policyState overlapping privacy lawshttps://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx China data privacy laws / increased balkanization of internethttps://www.ey.com/en_kw/forensic-integrity-services/how-chinas-data-privacy-and-security-rules-could-impact-your-business Google's Operation Aurora: https://www.youtube.com/watch?v=przDcQe6n5oCybersecurity in a technology recession (cyber security as compliance)Google being told to cut costs by VChttps://www.businessinsider.com/google-layoffs-cost-cutting-analyst-2022-11 Benefits of security / private attribution, compliance for government contractshttps://www.securityweek.com/google-wins-lawsuit-against-glupteba-botnet-operatorsFTXhttps://www.forbes.com/sites/ninabambysheva/2022/11/21/ftx-hacker-moved-nearly-200-million-of-ether-to-different-wallets/https://www.cnn.com/2022/11/18/investing/ftx-bahamas-seizure
Minister Cina Lawson, Togo's Minister of Digital Economy and Transformation, joins Cyber.RaR for a special episode. In her role leading Togo's digital transformation, Minister Lawson oversaw rapid digital service penetration within Togo, the first deployment of 5G in West Africa, and an innovative mobile cash distribution solution for Covid-19 relief. Minister Lawson discusses the tradeoffs between growing a local cyber talent workforce and hiring experts, how Togo has sustained good security hygiene despite rapid increases in digital service provision and access, and how her team's innovative approach is derived from human-centric principles.
Worried about a nuclear war with Russia? Maybe you SHOULD be worried about beluga whales. Let's dive in (pun intended) on why. This week on Cyber.RAR, we discuss global infrastructure in the form of undersea cables transmitting data through light traveling along silicon tubes - and how fragile these systems really are. We discuss how to monitor and defend these cable networks given how massive and interconnected they are and how geography and technology factor into strategic decision-making about espionage and cyber-enabled attacks. We conclude the episode with a tribute to Secretary of Defense Ash Carter and his tremendous impact on the Kennedy School and the nation.Relevant Sources: https://www.submarinecablemap.com/ https://www.nytimes.com/interactive/2019/03/10/technology/internet-cables-oceans.htmlhttps://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/https://www.atlanticcouncil.org/in-depth-research-reports/report/cyber-defense-across-the-ocean-floor-the-geopolitics-of-submarine-cable-security/
Bloomberg - FTC Sues Mobile Data Broker Over Abortion Location Data Sale https://www.bloomberg.com/news/articles/2022-08-29/ftc-sues-mobile-data-broker-over-abortion-location-data-sales?sref=P6Q0mxvj&leadSource=uverify%20wallVice - Data Broker Is Selling Location Data of People Who Visit Abortion Clinics https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthoodForbes - Black Lives Matter Protestors Tracked by Secretive Phone Location Technology https://www.forbes.com/sites/zakdoffman/2020/06/26/secretive-phone-tracking-company-publishes-location-data-on-black-lives-matter-protesters/?sh=77520f5f4a1eAP - Tech Tool Offers Police ‘Mass Surveillance on a Budget' https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27efAP - Across the US, Police Offers Abuse Confidential Databases https://apnews.com/article/699236946e3140659fff8a2362e16f43Wired - WhatsApp Has Shared Your Data with Facebook for Years Actually https://www.wired.com/story/whatsapp-facebook-data-share-notification/Gizmodo - Rights Groups Say the Pentagon is Buying its Way Around the Fourth Amendment https://gizmodo.com/rights-groups-say-pentagon-buys-freedom-from-fourth-ame-1849604210Gizmodo - The American Data Privacy Act Would Be a Bipartisan Triumph - If It Could Pass https://gizmodo.com/can-american-data-privacy-protection-act-pass-1849413911Gizmodo - Congresswoman Urges FTC to Investigate Newly Revealed Police Software Surveilling Americans' Movements https://gizmodo.com/congresswoman-ftc-to-investigate-fog-data-science-softw-1849547432Brookings - The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress https://www.brookings.edu/blog/techtank/2019/08/08/the-ftc-can-rise-to-the-privacy-challenge-but-not-without-help-from-congress/Berkman Klein Center and Minnesota Law Review - Understanding Chilling Effects https://cyber.harvard.edu/story/2021-06/understanding-chilling-effectsPEN America - Chilling Effects: NSA Surveillance Drives US Writers to Self-Censor https://pen.org/research-resources/chilling-effects/
AI-enabled security can process data faster and more accurately than humans, but can it tell the difference between turtles and rifles? We answer this question and more as we cover AI-enabled cybersecurity for network defense, insider threat, and user privacy, including considering whether AI ethics are simply business ethics. We also discuss asymmetric uses for nation-states on both offensive and defensive postures and AI-enabled malware and social engineering. Dani concludes with a deep dive into "Fog Reveal" a law enforcement cellphone tracking tool that'll make you squirm.The Verge - Google's AI Thinks Turtles are Rifles: https://www.theverge.com/2017/11/2/16597276/google-ai-image-attacks-adversarial-turtle-rifle-3d-printedForbes - Ukrainian Drones Strike Russian Artillery: https://www.forbes.com/sites/davidaxe/2022/09/02/ukraines-drones-are-back-and-blowing-up-russian-artillery/?sh=71b8f8946b8fDefenseNews - Torch.AI wins DoD Contract for Insider Threat Detection: https://www.defensenews.com/cyber/2022/08/15/torchai-wins-pentagon-insider-threat-cybersecurity-contract/Lawfare - AI and National Security: https://www.lawfareblog.com/recent-developments-ai-and-national-security-what-you-need-knowOxford Internet Institute ‘Trusting Artificial Intelligence in Cybersecurity is a Double-Edged Sword'National Security Commission on Artificial Intelligence Final Report: https://www.nscai.gov/wp-content/uploads/2021/03/Full-Report-Digital-1.pdfAP Report on Fog Reveal: https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef
What do Cryptocurrency and the 90's have in common? Easily exploitable bugs and also Paris Hilton, apparently.We cover the state of regulation and cybersecurity within the blockchain and cryptocurrency space - covering environmental, democratization, and equity concerns, as well as user vs. system security, code audits and minimum standards. Corinna Fehst (MPP'18 and crypto strategy expert) makes a surprise guest appearance. Bethan talks about whether you should post your laptop screen on BeReal [spoiler alert, please don't]. Show Notes:Corinna Fehst: https://www.belfercenter.org/person/corinna-fehstSecurity:Scams:Reports show scammers cashing in on crypto craze | Federal Trade CommissionEmbattled crypto lender Celsius is a 'fraud' and 'Ponzi scheme,' lawsuit allegesExploiting vulnerabilities in smart contracts/wallets/code:Nomad crypto bridge loses $200 million in ‘chaotic' hack - The VergeSolana Wallet Hack: Here's What We Know So Far - DecryptNumber of Blockchain Hacks on the RiseMoney laundering / enabler of illegal activity:U.S. seizes $2.3 mln in bitcoin paid to Colonial Pipeline hackers | ReutersFBI Seizes $500,000 Ransomware Payments and Crypto from North Korean HackersDeFi Is the Wild West of Banking and Investing. Here's What Crypto Investors Should KnowCrypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity - ChainalysisMid-year Crypto Crime Update: Illicit Activity Falls With Rest of Market, With Some Notable Exceptions - Chainalysishttps://www.cnbc.com/2022/05/18/china-is-second-biggest-bitcoin-mining-hub-as-miners-go-underground.html
Good WashPo article: A new era of industrial policy kicks off with signing of the Chips ActGeneral relationship between semiconductors/cyber: Cybersecurity and Semiconductors: How are they related? Helpful article for context: How the 'chips-plus' bill grew by nearly 1,000 pages - Roll CallRead “Discussion of the CHIPS Act Section: The US CHIPS Act.From Grace - AAPI Amendment that was removedSkim DoD Statement for the national security angle (re microelectronics): CHIPS Act Advances DOD's Emphasis on MicroelectronicsChips Act Summary by the Department of CommerceIndustry Matching of Chips ActBloomberg's "The Big Hack - How China Used a Tiny Chip to Infiltrate US Companies""Bloomberg Stands Firm as Story Denials Mount"AAPI Profiling amendment that was removed from the CHIPS Act
Michaela dives deeper into the nexus of cyber and vulnerable populations through an interview with Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation (EFF). Listen in on our conversation about stalkerware, privacy, and activism! Listen to the end of the episode to hear what the Cyber.RAR team is up to (plus the prospect of Season 2!?). If you'd like to reach out to us, send an email to cyberRAR.podcast@gmail.com!Girls Lean Back Everywhere: The Law of Obscenity and the Assault on Genius: https://en.wikipedia.org/wiki/Girls_Lean_Back_EverywhereMaryland SB 134: https://www.eff.org/deeplinks/2022/04/victory-maryland-police-must-now-be-trained-recognize-stalkerwareResources for vulnerable populations: --EFF: https://www.eff.org/pages/tools --Access Now: https://www.accessnow.org/help/ --Department of Homeland Security: https://www.ready.gov/cybersecurity --Consumer Reports: https://securityplanner.consumerreports.org/
How do we better protect our most vulnerable populations from cyber incidents? Michaela leads the conversation and posits that instead of thinking about it as a domain of war, we should use a climate analogy to think about the increasing vulnerability of our digital ecosystem. This could help us understand the disaggregated impacts on different communities and change the way we think about building resilience. If you'd like to reach out to us, send an email to cyberRAR.podcast@gmail.com!Dusseldorf University Hospital Ransomware Attack: https://www.wired.co.uk/article/ransomware-hospital-death-germanyCISA alert on the increased threat of ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa22-040aDarknet Diaries Episode: https://darknetdiaries.com/transcript/106/Cuckoo's Egg: https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)Resources for vulnerable populations:--EFF: https://www.eff.org/pages/tools--Access Now: https://www.accessnow.org/help/--Department of Homeland Security: https://www.ready.gov/cybersecurity--Consumer Reports: https://securityplanner.consumerreports.org/
Eric Rosenbach, Co-Director of the Belfer Center and Former Chief of Staff of the Pentagon, joins Cyber.RAR to talk about the major roadblocks facing innovation within the Department of Defense. Eric, Bethan, and Sophie dive into the challenges facing talent management in national security, overcoming the DoD's aversion to innovative risk-taking, and why the DoD still doesn't have central cloud computing.Eric Rosenbach Bio: https://www.hks.harvard.edu/faculty/eric-rosenbachhttps://www.dds.mil/abouthttps://www.defense.gov/News/News-Stories/Article/Article/2327021/diu-making-transformative-impact-five-years-in/
Bethan and Sophie explore why it's so hard to get innovative digital technologies into the Defese Department. The discussion starts with JEDI (and no, not from Star Wars) and covers the challenges facing the defense innovation ecosystem and how a new aqusitions playbook is needed for software and cyber capabilities. Grace shares their experience working with technology as an Army Signal Officer and Winnona asks some tough questions about the DoD procurement and contracting process. Get ready for a few Star Wars puns! https://aida.mitre.org/dod-innovation-ecosystem/https://www.diu.mil/about https://innovation.defense.gov/ https://techcrunch.com/2021/11/19/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract/ https://www.nationaldefensemagazine.org/articles/2022/1/26/silicon-valley-takes-on-the-valley-of-death https://www.fedscoop.com/list/7-cloud-programs-leading-the-way-in-government/https://dl.dod.cyber.mil/wp-content/uploads/dces/pdf/GeneralCESFAQs.pdf https://aida.mitre.org/ota/
Bruce Schneier website and bio: https://www.schneier.com/
Grace asks the question: Political Hacktivism (Hacking + Activism), chaotic good or chaotic evil? What even counts as activism versus terrorism in cyberspace? Is it simply ideological or is it normative? And looking forward, what does the second rise of hacktivism mean for the global order?
Cyber policy papers: https://docs.google.com/spreadsheets/d/1pnISykZe1nn1wwWBJRiaxYaqDoj4ADeBtsoUL41Hw2Y/edit?usp=drive_web&ouid=116612216017356103570The Modern Mercenary: https://www.amazon.com/Modern-Mercenary-Private-Armies-World/dp/0199360103
Show Notes: NSO: https://www.zdnet.com/article/commerce-dept-sanctions-nso-group-positive-technologies-and-more-for-selling-spyware-and-hacking-tools/https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/ https://www.theverge.com/2021/12/21/22848485/pegasus-spyware-jamal-khashoggi-murder-nso-hanan-elatr-new-analysis https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/https://www.theguardian.com/us-news/2021/nov/08/nso-israeli-spyware-company-whatsapp-lawsuit-ruling https://www.wired.com/story/nso-group-forcedentry-pegasus-spyware-analysis/https://citizenlab.ca/2018/11/mexican-journalists-investigating-cartels-targeted-nso-spyware-following-assassination-colleague/ Offensive Cyber Capabilities https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/a-primer-on-the-proliferation-of-offensive-cyber-capabilities/ Coseinc: https://risky.biz/RB310/
History of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
Cyber Escalation Fallacy: https://www.foreignaffairs.com/articles/russian-federation/2022-04-15/cyber-escalation-fallacyHistory of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
Harvard Reading and Research Credits https://www.hks.harvard.edu/educational-programs/courses/course-registration